中文
- The Wolf interface uses
Restful + JSON to communicate.
POST, PUT, DELETE requests all use Request Body to pass parameters, all in JSON format.Content-Type for both request and response is application/json.- The body of the response contains a unified structure, which is later documented and no longer lists the entire structure, only the
reason and data parts.
{"ok": true, "reason": "error code or message", "errmsg": "error message", data: {When successful, the data returned}}
| Field | Type | Required | Description |
|---|
| ok | boolean | Yes | Service Status |
| reason | string | No | When ok=false, reason is the error code. |
| errmsg | string | No | When ok=false, errmsg is the error message prompt. |
| data | object | No | When ok=true, data is the returned information. |
ERR_ARGS_ERROR Request parameter error, response code is 400ERR_TOKEN_INVALID TOKEN invalid or missing, response code is 401ERR_ACCESS_DENIED No authority to perform operations, response code 401ERR_DUPLICATE_KEY_ERROR duplicated when updating data, response code 400ERR_SERVER_ERROR Server internal error, response code 500
| Field | Type | Required | Description |
|---|
| id | integer | Yes | User ID |
| username | string | Yes | User name |
| nickname | string | Yes | User nickname |
| email | string | No | User email |
| appIDs | string[] | No | List of appIDs associated with users |
| manager | string | Yes | admin role, super: super admin, admin: general admin |
| createTime | integer | Yes | create time |
| Field | Type | Required | Description |
|---|
| id | integer | Yes | User ID |
| username | string | Yes | User name |
| nickname | string | Yes | User nickname |
| Field | Type | Required | Description |
|---|
| id | string | Yes | Application ID |
| name | string | Yes | Application name |
| description | string | No | Description |
| createTime | integer | Yes | Create time |
| Field | Type | Required | Description |
|---|
| id | string | Yes | Application ID |
| name | string | Yes | Application name |
| description | string | No | Description |
| secret | string | No | Secret of application, used for OAuth2 login |
| redirectUris | string[] | No | redirect urls after successful OAuth2 login |
| accessTokenLifetime | integer | No | OAuth2's AccessToken life time, in seconds. |
| refreshTokenLifetime | integer | No | OAuth2's RefreshToken life time, in seconds. |
| createTime | integer | Yes | Create time |
| updateTime | integer | Yes | Update time |
| Field | Type | Required | Description |
|---|
| id | string | Yes | Role ID |
| appID | string | Yes | Application ID |
| name | string | Yes | Role name |
| description | string | No | Role description |
| permIDs | string[] | No | List of permissions held by the role |
| createTime | integer | Yes | Create time |
| Field | Type | Required | Description |
|---|
| id | string | Yes | Permission ID |
| appID | string | Yes | Application ID |
| name | string | Yes | Permission name |
| description | string | No | Permission description |
| categoryID | integer | No | Category ID of the permission |
| createTime | integer | Yes | Create time |
| Field | Type | Required | Description |
|---|
| id | string | Yes | Category ID |
| appID | string | Yes | Application ID |
| name | string | Yes | Category name |
| createTime | integer | Yes | Create name |
| Field | Type | Required | Description |
|---|
| id | string | Yes | Resource ID |
| appID | string | Yes | Application ID |
| matchType | string | Yes | Resource match type, equal: equal match, suffix: suffix match, prefix: prefix match. |
| name | string | Yes | Resource name, when matchType is equal, name is URL, when matchType is suffix, name is suffix value, when matchType is prefix, name is prefix of URL. |
| action | string | Yes | The action/operation of the resource, usually the HTTP request method. The following values are available: ALL, GET, POST, PUT, DELETE, HEAD, OPTIONS, PATCH. where ALL indicates that all HTTP methods can be matched. |
| priority | integer | Yes | Resource priorities. |
| permID | string | Yes | permission required to access the resource |
| createTime | integer | Yes | Create time |
| Field | Type | Required | Description |
|---|
| id | integer | Yes | Log ID |
| appID | string | Yes | Application ID |
| userID | string | Yes | Operating user ID |
| username | string | Yes | Operating user name |
| nickname | string | Yes | Operating user nickname |
| action | string | Yes | Operations performed (HTTP request method) |
| resName | string | Yes | URL to access |
| status | integer | Yes | response status code |
| date | string | Yes | Date of access, formatted as yyyy-mm-dd |
| accessTime | integer | Yes | Access time, unix timestamp |
| ip | string | Yes | IP of the visitor |
The Console login interface is available only to users with administrator roles of super and admin.
Most interfaces in the administration backend require a Token, which is obtained after login with the administrator account. For interfaces that require a token, the token can be passed through the request header x-rbac-token.
The default token expiration time is 30 days. This can be changed via the environment variable CONSOLE_TOKEN_EXPIRE_TIME, in seconds. After modification, you need to restart Wolf-Server.
| Field | Type | Required | Description |
|---|
| username | string | Yes | User name |
| password | string | Yes | Password |
| authType | integer | No | Authentication type, 1: Password, 2: LDAP |
| Field | Type | Required | Description |
|---|
| token | string | Yes | User login token |
| userInfo | UserInfo | Yes | Login User Information |
| applications | SimpleApplication[] | Yes | User's application list. |
- reason:
- ERR_USER_NOT_FOUND: User do not exist
- ERR_PASSWORD_ERROR: Password error
- ERR_USER_DISABLED: User are disabled.
- ERR_ACCESS_DENIED: Non-administrative users cannot login.
- ERR_LDAP_CONFIG_NOT_FOUND: The server is not configured with LDAP when login with LDAP.
curl http://127.0.0.1:12180/wolf/user/login \
-H "Content-Type: application/json" \
-d '{ "username": "root", "password": "password"}'
{
"ok": true,
"reason": "",
"data": {
"token": "WOLF-TOKEN-ENCODE-BY-JWT",
"userInfo": {
"id": 1,
"username": "root",
"nickname": "root(super man)",
"email": null,
"appIDs": [
"openresty"
],
"manager": "super",
"createTime": 1580486400
},
"applications": [
{
"id": "restful",
"name": "restful app",
"description": "restful",
"createTime": 1580486400
}
]
}
}
To facilitate the execution of the later example, save the token above as a variable in the shell environment:
export WOLF_TOKEN="WOLF-TOKEN-ENCODE-BY-JWT"
Add a new application
| Field | Type | Required | Description |
|---|
| id | string | Yes | Application ID, must be unique |
| name | string | Yes | Application name, must be unique |
| description | string | No | Application description |
| secret | string | No | Secret of application, used for OAuth2 login |
| redirectUris | string[] | No | redirect urls after successful OAuth2 login |
| accessTokenLifetime | integer | No | OAuth2's AccessToken life time in seconds, if it is 0, use the system default: 7 days. |
| refreshTokenLifetime | integer | No | OAuth2's RefreshToken life time, in seconds, if it is 0, use the system default: 30 days. |
| Field | Type | Required | Description |
|---|
| application | Application | Yes | Newly added application information |
curl http://127.0.0.1:12180/wolf/application \
-H "Content-Type: application/json" \
-H "x-rbac-token: $WOLF_TOKEN" \
-d '{
"id": "test-app", "name": "application for test", "description": "description of application",
"secret": "d41d8cd98f00b204e9800998ecf8427e",
"redirectUris": ["http://127.0.0.1:12180/callback"],
"accessTokenLifetime": 604801,
"refreshTokenLifetime": 2592001
}'
{
"ok": true,
"reason": "",
"data": {
"application": {
"id": "test-app",
"name": "application for test",
"description": "description of application",
"redirectUris": [
"http://127.0.0.1:12180/callback"
],
"grants": null,
"accessTokenLifetime": 604801,
"refreshTokenLifetime": 2592001,
"createTime": 1580486400,
"updateTime": 1580486400
}
}
}
Modify application information
| Field | Type | Required | Description |
|---|
| id | string | Yes | Application ID, must be unique, application ID cannot be modified. |
| name | string | Yes | Application name, must be unique |
| description | string | No | Application description |
| secret | string | No | Secret of application, used for OAuth2 login |
| redirectUris | string[] | No | redirect urls after successful OAuth2 login |
| accessTokenLifetime | integer | No | OAuth2's AccessToken life time in seconds, if it is 0, use the system default: 7 days. |
| refreshTokenLifetime | integer | No | OAuth2's RefreshToken life time, in seconds, if it is 0, use the system default: 30 days. |
| Field | Type | Required | Description |
|---|
| application | Application | Yes | Modified application information |
curl http://127.0.0.1:12180/wolf/application \
-H "Content-Type: application/json" \
-H "x-rbac-token: $WOLF_TOKEN" \
-X PUT \
-d '{
"id": "test-app", "name": "test-application", "description": "description of application",
"secret": "d41d8cd98f00b204e9800998ecf8427e",
"redirectUris": ["http://127.0.0.1:12180/callback2"],
"accessTokenLifetime": 604802,
"refreshTokenLifetime": 2592002
}'
{
"ok": true,
"reason": "",
"data": {
"application": {
"id": "test-app",
"name": "test-application",
"description": "description of application",
"redirectUris": [
"http://127.0.0.1:12180/callback2"
],
"grants": null,
"accessTokenLifetime": 604802,
"refreshTokenLifetime": 2592002,
"createTime": 1580486400,
"updateTime": 1580486401
}
}
}
Query a single application infomation
| Field | Type | Required | Description |
|---|
| id | string | Yes | Application ID to query |
| Field | Type | Required | Description |
|---|
| application | Application | Yes | Application information queried |
- reason:
ERR_OBJECT_NOT_FOUND The application ID of the query does not exist.
curl "http://127.0.0.1:12180/wolf/application/get?id=test-app" \
-H "x-rbac-token: $WOLF_TOKEN"
{
"ok": true,
"reason": "",
"data": {
"application": {
"id": "test-app",
"name": "test-application",
"description": "description of application",
"redirectUris": [
"http://127.0.0.1:12180/callback2"
],
"grants": null,
"accessTokenLifetime": 604802,
"refreshTokenLifetime": 2592002,
"createTime": 1580486400,
"updateTime": 1580486401
}
}
}
Query the Secret of an application.
| Field | Type | Required | Description |
|---|
| id | string | Yes | Application ID to query |
| Field | Type | Required | Description |
|---|
| secret | string | Yes | Secret of application |
- reason:
ERR_OBJECT_NOT_FOUND The application ID of the query does not exist.
curl "http://127.0.0.1:12180/wolf/application/secret?id=test-app" \
-H "x-rbac-token: $WOLF_TOKEN"
{
"ok": true,
"reason": "",
"data": {
"secret": "d41d8cd98f00b204e9800998ecf8427e"
}
}
Query the application list information.
| Field | Type | Required | Description |
|---|
| key | string | No | Matching by ID or name |
| sort | string | No | Sort field, e.g.: -id: means sort by id descending order. +name: Indicates ascending order by name. |
| page | integer | No | Page number, incremental from 1, default is 1 |
| limit | integer | No | Page size, default is 10 |
| Field | Type | Required | Description |
|---|
| applications | Application[] | Yes | application list. |
| total | integer | Yes | Total number of records |
curl http://127.0.0.1:12180/wolf/application/list \
-H "x-rbac-token: $WOLF_TOKEN"
{
"ok": true,
"reason": "",
"data": {
"applications": [
{
"id": "restful",
"name": "restful app",
"description": "restful",
"redirectUris": [
"http://localhost:12180/wolf/oauth2/client_app"
],
"grants": null,
"accessTokenLifetime": 3600,
"refreshTokenLifetime": 2592000,
"createTime": 1578817535,
"updateTime": 1587375156
},
...
],
"total": 6
}
}
Search all applications, no pagination.
None
| Field | Type | Required | Description |
|---|
| applications | Application[] | Yes | all application list. |
| total | integer | Yes | Total number of records |
curl http://127.0.0.1:12180/wolf/application/list_all \
-H "x-rbac-token: $WOLF_TOKEN"
{
"ok": true,
"reason": "",
"data": {
"applications": [
{
"id": "restful",
"name": "restful app",
"description": "restful",
"redirectUris": [
"http://localhost:12180/wolf/oauth2/client_app"
],
"grants": null,
"accessTokenLifetime": 3600,
"refreshTokenLifetime": 2592000,
"createTime": 1578817535,
"updateTime": 1587375156
},
...
],
"total": 6
}
}
Delete an application
| Field | Type | Required | Description |
|---|
| id | string | Yes | Application ID to be deleted |
| Field | Type | Required | Description |
|---|
| count | integer | Yes | Number of deletions, usually 1. |
- reason:
ERR_OBJECT_NOT_FOUND The application to be deleted does not exist.
curl http://127.0.0.1:12180/wolf/application \
-H "Content-Type: application/json" \
-H "x-rbac-token: $WOLF_TOKEN" \
-X DELETE \
-d '{
"id": "test-app"
}'
{
"ok": true,
"reason": "",
"data": {
"count": 1
}
}
Add a new user
| Field | Type | Required | Description |
|---|
| username | string | Yes | User name, to be used when loginto the system, must be composed of `letter + number + underscore' and must be unique. |
| nickname | string | Yes | User nickname |
| password | string | No | The user password, if empty, will be generated by the service with a random value. |
| email | string | No | User's email.(not used) |
| tel | string | No | The user's mobile phone number. |
| appIDs | string[] | No | A list of privileged appIDs managed by the user. |
| manager | string | No | Administrative permission, super: super administrator, with all permissions, admin: with basic administrative permissions (cannot add, modify, delete interfaces to applications and users). |
| status | integer | No | User status, 0: normal status, -1: disabled status. |
| Field | Type | Required | Description |
|---|
| userInfo | UserInfo | Yes | Newly added user information |
| password | string | Yes | Password for newly added users |
curl http://127.0.0.1:12180/wolf/user \
-H "Content-Type: application/json" \
-H "x-rbac-token: $WOLF_TOKEN" \
-d '{
"username": "test-user",
"nickname": "user for test",
"password": "abc#123",
"email": "test-user@test.com",
"tel": "123456",
"appIDs": ["restful"],
"manager": "none",
"status": 0
}'
{
"ok": true,
"reason": "",
"data": {
"password": "abc#123",
"userInfo": {
"id": 1024,
"username": "test-user",
"nickname": "user for test",
"email": "test-user@test.com",
"appIDs": [
"restful"
],
"manager": "none",
"createTime": 1588576578
}
}
Modify user information
| Field | Type | Required | Description |
|---|
| id | integer | Yes | User ID, User ID to be modified |
| username | string | Yes | User name, to be used when loginto the system, must be composed of `letter + number + underscore' and must be unique. |
| nickname | string | Yes | User nickname |
| email | string | No | User's email.(not used) |
| tel | string | No | The user's mobile phone number. |
| appIDs | string[] | No | A list of privileged appIDs managed by the user. |
| manager | string | No | Administrative permission, super: super administrator, with all permissions, admin: with basic administrative permissions (cannot add, modify, delete interfaces to applications and users). |
| status | integer | No | User status, 0: normal status, -1: disabled status. |
| Field | Type | Required | Description |
|---|
| userInfo | UserInfo | Yes | Modified user information |
- reason:
ERR_USER_NOT_FOUND The user ID to be modified does not exist.
curl http://127.0.0.1:12180/wolf/user \
-H "Content-Type: application/json" \
-H "x-rbac-token: $WOLF_TOKEN" \
-X PUT \
-d '{
"id": 1024,
"username": "test-user",
"nickname": "nickname for test",
"email": "test-user@test.com",
"tel": "123456",
"appIDs": ["restful"],
"manager": "none",
"status": 0
}'
{
"ok": true,
"reason": "",
"data": {
"effects": 1,
"userInfo": {
"id": 1024,
"username": "test-user",
"nickname": "nickname for test",
"email": "test-user@test.com",
"appIDs": [
"restful"
],
"manager": "none",
"createTime": 1588576578
}
}
}
Query the user information of the specified token.
None
| Field | Type | Required | Description |
|---|
| userInfo | UserInfo | Yes | Modified user information |
| applications | SimpleApplication[] | No | User Associated Applications List. |
curl "http://127.0.0.1:12180/wolf/user/info" \
-H "x-rbac-token: $WOLF_TOKEN"
"ok": true,
"reason": "",
"data": {
"userInfo": {
"id": 696,
"username": "root",
"nickname": "root(super man)",
"email": null,
"appIDs": [
"openresty"
],
"manager": "super",
"createTime": 1578401859
},
"applications": [
{
"id": "restful",
"name": "restful app",
"description": "restful",
"createTime": 1578817535
},
...
]
}
}
Query the user list information
| Field | Type | Required | Description |
|---|
| key | string | No | Search for username,nickname,tel field. |
| username | string | No | Use username for exact user matching. |
| sort | string | No | Sort field, e.g.: -id: means sort by id descending order. +name: Indicates ascending order by name. |
| page | integer | No | Page number, incremental from 1, default is 1 |
| limit | integer | No | Page size, default is 10 |
| Field | Type | Required | Description |
|---|
| userInfos | UserInfo[] | Yes | user list |
| total | integer | Yes | Total number of records |
curl http://127.0.0.1:12180/wolf/user/list \
-H "x-rbac-token: $WOLF_TOKEN"
{
"ok": true,
"reason": "",
"data": {
"userInfos": [
{
"id": 697,
"username": "admin",
"nickname": "administrator",
"email": null,
"appIDs": [
"openresty",
"restful"
],
"manager": "admin",
"createTime": 1578401859
},
...
],
"total": 6
}
}
Reset the user's password
| Field | Type | Required | Description |
|---|
| id | integer | Yes | User ID to reset password |
| Field | Type | Required | Description |
|---|
| password | string | Yes | Password to reset. |
- reason:
ERR_USER_NOT_FOUND The user to be deleted does not exist.ERR_ACCESS_DENIED Only a super administrator can do this.
curl http://127.0.0.1:12180/wolf/user/reset_pwd \
-H "Content-Type: application/json" \
-H "x-rbac-token: $WOLF_TOKEN" \
-X PUT \
-d '{
"id": 696
}'
{
"ok": true,
"reason": "",
"data": {
"password": "197TLR0dPVdm"
}
}
Delete an user
| Field | Type | Required | Description |
|---|
| id | integer | Yes | User ID to be deleted |
| Field | Type | Required | Description |
|---|
| userInfo | UserInfo | Yes | Deleted user information |
| count | integer | Yes | Number of deletions, usually 1. |
- reason:
ERR_USER_NOT_FOUND The user to be deleted does not exist.ERR_PERMISSION_DENY Can't delete super accountERR_ACCESS_DENIED Only a super administrator can do this.
curl http://127.0.0.1:12180/wolf/user \
-H "Content-Type: application/json" \
-H "x-rbac-token: $WOLF_TOKEN" \
-X DELETE \
-d '{
"id": 2756
}'
{
"ok": true,
"reason": "",
"data": {
"count": 1
}
}
Add a new role
| Field | Type | Required | Description |
|---|
| appID | string | Yes | Application ID, the role can only belong to a certain application. |
| id | string | Yes | Role ID, must be unique within the application |
| name | string | Yes | Role name, must be unique within the application |
| description | string | No | Role description |
| permIDs | string[] | No | A list of permission IDs for the role. |
| Field | Type | Required | Description |
|---|
| role | Role | Yes | Newly added role information |
curl http://127.0.0.1:12180/wolf/role \
-H "Content-Type: application/json" \
-H "x-rbac-token: $WOLF_TOKEN" \
-d '{
"id": "test-role",
"appID": "restful",
"name": "role for test",
"description": "description of role",
"permIDs": ["PERM_XXX"]
}'
{
"ok": true,
"reason": "",
"data": {
"role": {
"id": "test-role",
"appID": "restful",
"name": "role for test",
"description": "description of role",
"permIDs": [
"PERM_XXX"
],
"createTime": 1588583707
}
}
}
Modify a role
| Field | Type | Required | Description |
|---|
| appID | string | Yes | Application ID, cannot be modified |
| id | string | Yes | Role ID, cannot be modified |
| name | string | Yes | Role name, must be unique within the application |
| description | string | No | Role Description. |
| permIDs | string[] | No | A list of permission IDs for the role. |
| Field | Type | Required | Description |
|---|
| role | Role | Yes | Modified role information |
curl http://127.0.0.1:12180/wolf/role \
-H "Content-Type: application/json" \
-H "x-rbac-token: $WOLF_TOKEN" \
-X PUT \
-d '{
"id": "test-role",
"appID": "restful",
"name": "role for test",
"description": "description of role",
"permIDs": ["PERM_YYY"]
}'
{
"ok": true,
"reason": "",
"data": {
"role": {
"id": "test-role",
"appID": "restful",
"name": "role for test",
"description": "description of role",
"permIDs": [
"PERM_YYY"
],
"createTime": 1588583707
}
}
}
Adding permissions to roles. Unlike the PUT method, this method only adds new permissions. The existing permissions remain unchanged.
| Field | Type | Required | Description |
|---|
| appID | string | Yes | Application ID, the role can only belong to a certain application. |
| id | string | Yes | Role ID, must be unique within the application |
| permIDs | string[] | Yes | List of permission IDs to add to the role. |
| Field | Type | Required | Description |
|---|
| role | Role | Yes | Modified role information |
curl http://127.0.0.1:12180/wolf/role \
-H "Content-Type: application/json" \
-H "x-rbac-token: $WOLF_TOKEN" \
-X PUT \
-d '{
"id": "test-role",
"appID": "restful",
"name": "role for test",
"description": "description of role",
"permIDs": ["PERM_YYY"]
}'
{
"ok": true,
"reason": "",
"data": {
"role": {
"id": "test-role",
"appID": "restful",
"name": "role for test",
"description": "description of role",
"permIDs": [
"PERM_XXX", "PERM_YYY"
],
"createTime": 1588583707
}
}
}
Query Role List Information
| Field | Type | Required | Description |
|---|
| appID | string | Yes | Application ID |
| key | string | No | Matching queries by ID or name |
| sort | string | No | Sort field, e.g.: -id: means sort by id descending order. +name: Indicates ascending order by name. |
| page | integer | No | Page number, incremental from 1, default is 1 |
| limit | integer | No | Page size, default is 10 |
| Field | Type | Required | Description |
|---|
| roles | Role[] | Yes | Role list |
| total | integer | Yes | Total number of records |
curl http://127.0.0.1:12180/wolf/role/list?appID=restful \
-H "x-rbac-token: $WOLF_TOKEN"
{
"ok": true,
"reason": "",
"data": {
"roles": [
{
"id": "test-role",
"name": "role for test",
"description": "description of role",
"appID": "restful",
"permIDs": [
"PERM_YYY"
],
"createTime": 1588583707,
"updateTime": 1588586200
},
...
],
"total": 5
}
}
Delete a role
| Field | Type | Required | Description |
|---|
| appID | string | Yes | Application ID |
| id | string | Yes | Role ID to be deleted |
| Field | Type | Required | Description |
|---|
| count | integer | Yes | Number of deletions, usually 1. |
curl http://127.0.0.1:12180/wolf/role \
-H "Content-Type: application/json" \
-H "x-rbac-token: $WOLF_TOKEN" \
-X DELETE \
-d '{
"id": "test-role",
"appID": "restful"
}'
{
"ok": true,
"reason": "",
"data": {
"count": 1
}
}
Add a new permission
| Field | Type | Required | Description |
|---|
| appID | string | Yes | Application ID, permissions can only belong to a single application. |
| id | string | Yes | Permission ID, must be unique within the application |
| name | string | Yes | Permission name, must be unique within the application |
| description | string | No | Description of permissions |
| categoryID | integer | No | Permissions correspond to category IDs |
| Field | Type | Required | Description |
|---|
| permission | Permission | Yes | New permission information added |
curl http://127.0.0.1:12180/wolf/permission \
-H "Content-Type: application/json" \
-H "x-rbac-token: $WOLF_TOKEN" \
-d '{
"id": "test-permission",
"appID": "restful",
"name": "permission for test",
"description": "description of permission",
"categoryID": 1
}'
{
"ok": true,
"reason": "",
"data": {
"permission": {
"id": "test-permission",
"appID": "restful",
"name": "permission for test",
"description": "description of permission",
"categoryID": 1,
"createTime": 1588658062
}
}
}
Modify permission information
| Field | Type | Required | Description |
|---|
| appID | string | Yes | Application ID, cannot be modified |
| id | string | Yes | Permission ID, cannot be modified |
| name | string | Yes | Permission name, must be unique within the application |
| description | string | No | Description of permissions |
| categoryID | integer | No | Permissions correspond to category IDs |
| Field | Type | Required | Description |
|---|
| permission | Permission | Yes | Modified permission information |
curl http://127.0.0.1:12180/wolf/permission \
-H "Content-Type: application/json" \
-H "x-rbac-token: $WOLF_TOKEN" \
-X PUT \
-d '{
"id": "test-permission",
"appID": "restful",
"name": "permission for test2",
"description": "description of permission2",
"categoryID": 2
}'
{
"ok": true,
"reason": "",
"data": {
"permission": {
"id": "test-permission",
"appID": "restful",
"name": "permission for test2",
"description": "description of permission2",
"createTime": 1588658062
}
}
}
Query list of permission information
| Field | Type | Required | Description |
|---|
| appID | string | Yes | Application ID |
| key | string | No | Matching queries by ID or name |
| sort | string | No | Sort field, e.g.: -id: means sort by id descending order. +name: Indicates ascending order by name. |
| page | integer | No | Page number, incremental from 1, default is 1 |
| limit | integer | No | Page size, default is 10 |
| Field | Type | Required | Description |
|---|
| permissions | Permission[] | Yes | List of permissions |
| total | integer | Yes | Total number of records |
curl http://127.0.0.1:12180/wolf/permission/list?appID=restful \
-H "x-rbac-token: $WOLF_TOKEN"
"ok": true,
"reason": "",
"data": {
"permissions": [
{
"id": "test-permission",
"appID": "restful",
"name": "permission for test2",
"description": "description of permission2",
"categoryID": 2,
"createTime": 1588658062,
"updateTime": 1588658246,
"category_id": 2,
"category": null
},
...
],
"total": 2
}
}
Delete a permission
| Field | Type | Required | Description |
|---|
| appID | string | Yes | Application ID |
| id | string | Yes | Permission ID to be removed |
| Field | Type | Required | Description |
|---|
| count | integer | Yes | Number of deletions, usually 1. |
- reason
ERR_ACCESS_DENIED The permission to delete is being used, and cannot be deleted.
curl http://127.0.0.1:12180/wolf/permission \
-H "Content-Type: application/json" \
-H "x-rbac-token: $WOLF_TOKEN" \
-X DELETE \
-d '{
"id": "test-permission",
"appID": "restful"
}'
{
"ok": true,
"reason": "",
"data": {
"count": 1
}
}
User role related operations can only work on one application. So the related interfaces need to pass userID and appID parameters.
Get user roles and permissions
| Field | Type | Required | Description |
|---|
| userID | integer | Yes | UserID for which roles and permissions need to be get |
| appID | string | Yes | ApplicationID for which roles and permissions need to be get |
curl "http://127.0.0.1:12180/wolf/user-role?userID=1&appID=restful" \
-H "Content-Type: application/json" \
-H "x-rbac-token: $WOLF_TOKEN"
{
"ok": true,
"reason": "",
"data": {
"userRole": {
"userID": 1,
"appID": "restful",
"permIDs": [
"RESTFUL_INDEX"
],
"roleIDs": [
"application"
],
"createTime": 1609055508
}
}
}
Set user roles or permissions
| Field | Type | Required | Description |
|---|
| userID | integer | Yes | UserID for which roles or permissions need to be set |
| appID | string | Yes | ApplicationID for which roles and permissions need to be set |
| permIDs | string[] | Yes | List of permission IDs to be set |
| roleIDs | string[] | Yes | List of role IDs to be set |
curl http://127.0.0.1:12180/wolf/user-role/set \
-H "Content-Type: application/json" \
-H "x-rbac-token: $WOLF_TOKEN" \
-d '{
"userID": 1,
"appID": "restful",
"permIDs": ["RESTFUL_INDEX"],
"roleIDs": ["application"]
}'
{
"ok": true,
"reason": "",
"data": {
"userRole": {
"userID": 1,
"appID": "restful",
"permIDs": [
"RESTFUL_INDEX"
],
"roleIDs": [
"application"
],
"createTime": 1609054766
}
}
}
Clear user roles and permissions
| Field | Type | Required | Description |
|---|
| userID | integer | Yes | UserID for which roles or permissions need to be clear |
| appID | string | Yes | ApplicationID for which roles and permissions need to be clear |
curl http://127.0.0.1:12180/wolf/user-role \
-H "Content-Type: application/json" \
-H "x-rbac-token: $WOLF_TOKEN" \
-X DELETE \
-d '{
"userID": 1,
"appID": "restful"
}'
{
"ok": true,
"reason": "",
"data": {
"count": 1
}
}
Add a new category
| Field | Type | Required | Description |
|---|
| appID | string | Yes | Application IDs, categories can only belong to a single application. |
| name | string | Yes | Category name, must be unique within the application |
| Field | Type | Required | Description |
|---|
| category | Category | Yes | Newly added categories |
curl http://127.0.0.1:12180/wolf/category \
-H "Content-Type: application/json" \
-H "x-rbac-token: $WOLF_TOKEN" \
-d '{
"appID": "restful",
"name": "category for test"
}'
{
"ok": true,
"reason": "",
"data": {
"category": {
"id": 744,
"appID": "restful",
"name": "category for test",
"createTime": 1588659229
}
}
}
Modify a category
| Field | Type | Required | Description |
|---|
| id | integer | Yes | Category ID, not modifiable |
| name | string | Yes | Category name, must be unique within the application |
| Field | Type | Required | Description |
|---|
| category | Category | Yes | Modified categories |
curl http://127.0.0.1:12180/wolf/category \
-H "Content-Type: application/json" \
-H "x-rbac-token: $WOLF_TOKEN" \
-X PUT \
-d '{
"id": 744,
"name": "category for test2"
}'
{
"ok": true,
"reason": "",
"data": {
"category": {
"id": 744,
"appID": "restful",
"name": "category for test2",
"createTime": 1588659229
}
}
}
Query list of category infomation
| Field | Type | Required | Description |
|---|
| appID | string | Yes | Application ID |
| key | string | No | Search by name |
| sort | string | No | Sort field, e.g.: -id: means sort by id descending order. +name: Indicates ascending order by name. |
| page | integer | No | Page number, incremental from 1, default is 1 |
| limit | integer | No | Page size, default is 10 |
| Field | Type | Required | Description |
|---|
| categorys | Category[] | Yes | List of categories |
| total | integer | Yes | Total number of records |
curl http://127.0.0.1:12180/wolf/category/list?appID=restful \
-H "x-rbac-token: $WOLF_TOKEN"
{
"ok": true,
"reason": "",
"data": {
"categorys": [
{
"id": 744,
"appID": "restful",
"name": "category for test2",
"createTime": 1588659229,
"updateTime": 1588659461
}
],
"total": 1
}
}
Delete a category
| Field | Type | Required | Description |
|---|
| id | string | Yes | Category ID to be deleted |
| Field | Type | Required | Description |
|---|
| count | integer | Yes | Number of deletions, usually 1. |
curl http://127.0.0.1:12180/wolf/category \
-H "Content-Type: application/json" \
-H "x-rbac-token: $WOLF_TOKEN" \
-X DELETE \
-d '{
"id": 744
}'
{
"ok": true,
"reason": "",
"data": {
"count": 1
}
}
Add a new resource
| Field | Type | Required | Description |
|---|
| appID | string | Yes | Application ID, resources can only belong to one application. |
| matchType | string | Yes | Resource matching type, equal: equals match, suffix: Suffix Match, prefix: Prefix Match. |
| name | string | Yes | resource name, When matchType is equal, name is the URL, When matchType is suffix, name is suffix, When matchType is prefix, name is the URL prefix |
| action | string | No | The action on the resource, usually HTTP Method. The following values are available: ALL, GET, POST, PUT, DELETE, HEAD, OPTIONS, PATCH. where ALL means that all HTTP methods can be matched. |
| permID | string | No | Permissions required to access the resource |
| Field | Type | Required | Description |
|---|
| resource | Resource | Yes | Newly added resource information |
curl http://127.0.0.1:12180/wolf/resource \
-H "Content-Type: application/json" \
-H "x-rbac-token: $WOLF_TOKEN" \
-d '{
"appID": "restful",
"matchType": "equal",
"name": "/path/to/resource",
"action": "GET",
"permID": "PERM_XXX"
}'
{
"ok": true,
"reason": "",
"data": {
"resource": {
"id": 8512,
"appID": "restful",
"matchType": "equal",
"name": "/path/to/resource",
"priority": 10483,
"action": "GET",
"permID": "PERM_XXX",
"createTime": 1588660594
}
}
}
Modifying a resource
| Field | Type | Required | Description |
|---|
| id | string | Yes | Resource ID, cannot be modified |
| matchType | string | Yes | Resource matching type, equal: equals match, suffix: Suffix Match, prefix: Prefix Match. |
| name | string | Yes | resource name, When matchType is equal, name is the URL, When matchType is suffix, name is suffix, When matchType is prefix, name is the URL prefix |
| action | string | No | The action on the resource, usually HTTP Method. The following values are available: ALL, GET, POST, PUT, DELETE, HEAD, OPTIONS, PATCH. where ALL means that all HTTP methods can be matched. |
| permID | string | No | Permissions required to access the resource |
| Field | Type | Required | Description |
|---|
| resource | Resource | Yes | Modified resource information |
curl http://127.0.0.1:12180/wolf/resource \
-H "Content-Type: application/json" \
-H "x-rbac-token: $WOLF_TOKEN" \
-X PUT \
-d '{
"id": 8512,
"matchType": "equal",
"name": "/path/to/resource",
"action": "ALL",
"permID": "PERM_YYY"
}'
{
"ok": true,
"reason": "",
"data": {
"resource": {
"id": 8512,
"appID": "restful",
"matchType": "equal",
"name": "/path/to/resource",
"priority": 11483,
"action": "ALL",
"permID": "PERM_YYY",
"createTime": 1588660594
}
}
}
Query list of resources
| Field | Type | Required | Description |
|---|
| appID | string | Yes | Application ID |
| key | string | No | Match queries by resource name or permission |
| sort | string | No | Sort field, e.g.: -id: means sort by id descending order. +name: Indicates ascending order by name. |
| page | integer | No | Page number, incremental from 1, default is 1 |
| limit | integer | No | Page size, default is 10 |
| Field | Type | Required | Description |
|---|
| resources | Resource[] | Yes | Resource list |
| total | integer | Yes | Total number of records |
curl http://127.0.0.1:12180/wolf/resource/list?appID=restful \
-H "x-rbac-token: $WOLF_TOKEN"
{
"ok": true,
"reason": "",
"data": {
"resources": [
{
"id": 8512,
"appID": "restful",
"matchType": "equal",
"name": "/path/to/resource",
"priority": 11483,
"action": "ALL",
"permID": "PERM_YYY",
"createTime": 1588660594
},
...
],
"total": 3
}
}
Delete a resource
| Field | Type | Required | Description |
|---|
| id | integer | Yes | Resource ID to be deleted |
| Field | Type | Required | Description |
|---|
| count | integer | Yes | Number of deletions, usually 1. |
curl http://127.0.0.1:12180/wolf/resource \
-H "Content-Type: application/json" \
-H "x-rbac-token: $WOLF_TOKEN" \
-X DELETE \
-d '{
"id": 8512
}'
{
"ok": true,
"reason": "",
"data": {
"count": 1
}
}
Query list of access log information
| Field | Type | Required | Description |
|---|
| appID | string | Yes | Application ID |
| username | string | No | Search by username or user nickname |
| action | string | No | resource action |
| resName | string | No | resource name |
| ip | string | No | The IP of the user operating the resource |
| status | integer | No | HTTP status code |
| startTime | integer | No | Operate time - start time |
| endTime | integer | No | Operate time - end time |
| sort | string | No | Sort field, e.g.: -id: means sort by id descending order. +name: Indicates ascending order by name. |
| page | integer | No | Page number, incremental from 1, default is 1 |
| limit | integer | No | Page size, default is 10 |
| Field | Type | Required | Description |
|---|
| accessLogs | AccessLog[] | Yes | Access Log List. |
| total | integer | Yes | Total number of records |
curl http://127.0.0.1:12180/wolf/access-log/list?appID=restful \
-H "x-rbac-token: $WOLF_TOKEN"
{
"ok": true,
"reason": "",
"data": {
"accessLogs": [
{
"id": 27999,
"appID": "restful",
"userID": "749",
"username": "test",
"nickname": "test",
"action": "GET",
"resName": "/",
"matchedResource": {},
"status": 401,
"body": {},
"contentType": null,
"date": "2020-02-27",
"accessTime": 1582816829,
"ip": "127.0.0.1"
},
...
],
"total": 5
}
}
All interfaces starting with /wolf/rbac, are provided to Wolf's Agent It is called by the module. It is mainly used for the login and authentication processing of three-party applications.
Agentlogin page
| Field | Type | Required | Description |
|---|
| appid | string | No | The application ID to log in, if you don't have parameters, you can enter in the page |
| return_to | string | No | Set the address to jump to after successful login. The default is /. |
Login page HTML.
http://127.0.0.1:12180/wolf/rbac/login?return_to=%2Fwolf%2Foauth2%2Flogin_status&appid=restful
 |
|---|
| Login Page |
Rbac login interface
| Field | Type | Required | Description |
|---|
| appid | string | Yes | Application ID |
| username | string | Yes | Login User Name |
| password | string | Yes | login password |
| authType | integer | No | Authentication type, 1: Password, 2: LDAP |
| Field | Type | Required | Description |
|---|
| userInfo | SimpleUserInfo | Yes | Basic User Information |
| token | string | Yes | Login token |
- reason
ERR_USERNAME_MISSING username is missing.ERR_PASSWORD_MISSING password is missng.ERR_APPID_MISSING appid is missing.ERR_USER_NOT_FOUND User do not existERR_PASSWORD_ERROR Password errorERR_USER_DISABLED User are disabled.ERR_LDAP_CONFIG_NOT_FOUND The server is not configured with LDAP when login with LDAP.
curl http://127.0.0.1:12180/wolf/rbac/login.rest \
-H "Content-Type: application/json" \
-X POST \
-d '{
"username": "root",
"password": "123456",
"appid": "restful"
}'
{
"ok": true,
"reason": "",
"data": {
"userInfo": {
"id": 696,
"username": "root",
"nickname": "root(super man)"
},
"token": "RBAC_TOKEN"
}
The above token can be saved as a variable in the shell for the rest of the example:
export RBAC_TOKEN="WOLF-RBAC-TOKEN-ENCODE-BY-JWT"
The default token expiration time is 30 days. This can be changed via the environment variable RBAC_TOKEN_EXPIRE_TIME, in seconds. After modification, you need to restart Wolf-Server.
| Field | Type | Required | Description |
|---|
| appid | string | Yes | Application ID |
| username | string | Yes | Login User Name |
| password | string | Yes | Login Password |
| return_to | string | No | Set the address to jump to after successful login. The default is /. |
Redirect to the login page using 302.
Use 302 to redirect to the page specified by return_to.
And set the token to a cookie with key x-rbac-token.
curl 'http://127.0.0.1:12180/wolf/rbac/login.submit' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'return_to=%2F&appid=restful&username=root&password=123456'
< HTTP/1.1 302 Found
< Vary: Origin
< Access-Control-Allow-Origin: *
< Set-Cookie: x-rbac-token=RBAC-TOKEN; path=/; expires=Tue, 09 Jun 2020 08:47:21 GMT
< Location: /
< Content-Type: text/html; charset=utf-8
< Content-Length: 33
Query current logged in user information
None
| Field | Type | Required | Description |
|---|
| userInfo | UserInfo | Yes | user information |
curl http://127.0.0.1:12180/wolf/rbac/user_info \
-H "Cookie: x-rbac-token=$RBAC_TOKEN"
{
"ok": true,
"reason": "",
"data": {
"userInfo": {
"id": 696,
"username": "root",
"nickname": "root(super man)",
"email": null,
"appIDs": [
"openresty"
],
"manager": "super",
"lastLogin": 1589100441,
"profile": null,
"createTime": 1578401859,
"permissions": {},
"roles": {}
}
}
}
None
After the operation, the server will set the x-rbac-token in the cookie to logouted. and redirected 302 to the login page.
curl http://127.0.0.1:12180/wolf/rbac/logout \
-H "Cookie: x-rbac-token=$RBAC_TOKEN"
< HTTP/1.1 302 Found
< x-rbac-userID: 696
< x-rbac-username: root
< Set-Cookie: x-rbac-token=logouted; path=/; expires=Tue, 09 Jun 2020 09:04:56 GMT
< Location: /wolf/rbac/login.html?appid=restful
< Content-Type: text/html; charset=utf-8
< Content-Length: 101
| Field | Type | Required | Description |
|---|
| oldPassword | string | Yes | old password |
| newPassword | string | Yes | new password |
None
- reason
ERR_PASSWORD_CHANGE_NOT_ALLOWED The server does not allow password changes.ERR_OLD_PASSWORD_REQUIRED Missing old passwordERR_NEW_PASSWORD_REQUIRED Missing new passwordTOKEN_USER_NOT_FOUND User do not existERR_OLD_PASSWORD_INCORRECT Old Password error
curl http://127.0.0.1:12180/wolf/rbac/change_pwd \
-H "Cookie: x-rbac-token=$RBAC_TOKEN" \
-H "Content-Type: application/json" \
-X POST \
-d '{
"oldPassword": "old-password",
"newPassword": "new-password"
}'
{
"ok": true,
"reason": "",
"data": {}
}
Check if the user has access to the specified resource (appid + action + resName).
| Field | Type | Required | Description |
|---|
| action | string | Yes | Action, usually is HTTP Method. |
| resName | string | Yes | The name of the resource, usually URL Path or a resource extension. |
The appid doesn't need to be passed, the service gets it directly from the token.
If you have permission, the server returns the 200 status code, ok=true in json, and the user's information.
If you don't have permission, the server returns the 401 status code, ok=false in the json, and the user's information.
| Field | Type | Required | Description |
|---|
| userInfo | UserInfo | Yes | Current User Information |
- reason If you don't have permission, the corresponding message will be displayed.
curl http://127.0.0.1:12180/wolf/rbac/access_check \
-H "Cookie: x-rbac-token=$RBAC_TOKEN" \
-H "Content-Type: application/json" \
-X POST \
-d '{
"action": "GET",
"resName": "/"
}'
{
"ok": true,
"reason": "",
"data": {
"userInfo": {
"id": 696,
"username": "root",
"nickname": "root(super man)",
"email": null,
"appIDs": [
"openresty"
],
"manager": "super",
"lastLogin": 1589100441,
"profile": null,
"createTime": 1578401859,
"permissions": {},
"roles": {}
}
}
}
Back to TOC